<?php
class Auth {
    private $conn;
    
    public function __construct($db_connection) {
        $this->conn = $db_connection;
        session_start();
    }
    
    public function login($username, $password) {
        $username = $this->conn->real_escape_string($username);
        
        $sql = "SELECT id, username, password, role FROM users WHERE username = '$username'";
        $result = $this->conn->query($sql);
        
        if ($result->num_rows == 1) {
            $user = $result->fetch_assoc();
            if (password_verify($password, $user['password'])) {
                $_SESSION['user_id'] = $user['id'];
                $_SESSION['username'] = $user['username'];
                $_SESSION['role'] = $user['role'];
                return true;
            }
        }
        return false;
    }
    
    public function isLoggedIn() {
        return isset($_SESSION['user_id']);
    }
    
    public function logout() {
        session_destroy();
    }
} 